90 matches found

NVD
added 2024/11/07 10:15 a.m. | 17 views

CVE-2024-51504

When using IPAuthenticationProvider in ZooKeeper Admin Server there is a possibility of Authentication Bypass by Spoofing -- this only impacts IP based authentication implemented in ZooKeeper Admin Server. Default configuration of client's IP address detection in IPAuthenticationProvider, which...

CVSS 9.1 | EPSS 0.00924
Exploits: 0 | References: 2

OSV
added 2024/11/07 10:15 a.m. | 8 views

UBUNTU-CVE-2024-51504

When using IPAuthenticationProvider in ZooKeeper Admin Server there is a possibility of Authentication Bypass by Spoofing -- this only impacts IP based authentication implemented in ZooKeeper Admin Server. Default configuration of client's IP address detection in IPAuthenticationProvider, which...

CVSS 9.1 | AI score 7.1 | EPSS 0.00924
Exploits: 0 | References: 3

Cvelist
added 2024/11/07 9:52 a.m. | 45 views

CVE-2024-51504 Apache ZooKeeper: Authentication bypass with IP-based authentication in Admin Server

When using IPAuthenticationProvider in ZooKeeper Admin Server there is a possibility of Authentication Bypass by Spoofing -- this only impacts IP based authentication implemented in ZooKeeper Admin Server. Default configuration of client's IP address detection in IPAuthenticationProvider, which...

EPSS 0.00924
Exploits: 0 | References: 1

CVE
added 2024/11/07 9:52 a.m. | 180 views

CVE-2024-51504

CVE-2024-51504 affects ZooKeeper Admin Server via IPAuthenticationProvider. Default IP detection uses HTTP headers (X-Forwarded-For) and can be spoofed, leading to authentication bypass for IP-based auth. Admin commands like snapshot/restore may be exploited after bypass. Impact: potential inform...

CVSS 9.1 | AI score 9.2 | EPSS 0.00924
Exploits: 0 | References: 2 | Affected Software: 1

Vulnrichment
added 2024/11/07 9:52 a.m. | 17 views

CVE-2024-51504 Apache ZooKeeper: Authentication bypass with IP-based authentication in Admin Server

When using IPAuthenticationProvider in ZooKeeper Admin Server there is a possibility of Authentication Bypass by Spoofing -- this only impacts IP based authentication implemented in ZooKeeper Admin Server. Default configuration of client's IP address detection in IPAuthenticationProvider, which...

AI score 7.1 | EPSS 0.00924
Exploits: 0 | References: 1

Debian CVE
added 2024/11/07 9:52 a.m. | 13 views

CVE-2024-51504

When using IPAuthenticationProvider in ZooKeeper Admin Server there is a possibility of Authentication Bypass by Spoofing -- this only impacts IP based authentication implemented in ZooKeeper Admin Server. Default configuration of client's IP address detection in IPAuthenticationProvider, which...

CVSS 9.1 | AI score 7.5 | EPSS 0.00924
Exploits: 0

CNNVD
added 2024/11/07 12:00 a.m. | 4 views

Apache Zookeeper Security Vulnerability

Apache ZooKeeper is a centralized service under the Apache Software Foundation for maintaining configuration information, naming, providing distributed synchronization, and providing group services. An authentication bypass vulnerability exists in Apache ZooKeeper versions prior to 3.9.3. The...

CVSS 9.1 | AI score 6.7 | EPSS 0.00924
Exploits: 0 | References: 3

CNNVD
added 2024/07/10 12:00 a.m. | 2 views

Net Titanium Technology idcCMS Security Breach

Net Titanium Technology idcCMS (Net Titanium IDC Cloud Management Agent System) is a cloud management agent system from China's Net Titanium Technology. A security vulnerability exists in Net Titanium Technology idcCMS v1.35, which was discovered to contain a cross-site...

CVSS 8.8 | AI score 7.1 | EPSS 0.00295
Exploits: 1 | References: 2

vulnersOsv
added 2023/07/14 6:31 a.m. | 6 views

com.netcetera.girders.demos:girders-demo-adminserver (>=6.0.0 <=6.1.0), com.senzhikong:depend-cloud-monitor (>=1.1.0 <=1.1.1) +11 more potentially affected by CVE-2023-38286 via de.codecentric:spring-boot-admin-server (>=3.0.0 <=3.1.1)

de.codecentric:spring-boot-admin-server MAVEN version =3.0.0, =6.0.0, =1.1.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =7.0.0-RC4, =7.0.0-RC6 Source cves: CVE-2023-38286 Source advisory: OSV:GHSA-7GJ7-224W-VPR3...

CVSS 7.5 | AI score 7.1 | EPSS 0.00875
Exploits: 1

vulnersOsv
added 2023/07/14 6:31 a.m. | 4 views

ai.hyacinth.framework:core-service-admin-server (>=0.5.0 <=0.5.24), cn.home1:oss-admin (>=1.0.6.OSS <=1.0.7.OSS) +56 more potentially affected by CVE-2023-38286 via de.codecentric:spring-boot-admin-server (>=1.0.2 <=2.7.15)

de.codecentric:spring-boot-admin-server MAVEN version =1.0.2, =0.5.0, =1.0.6.OSS, =1.2.3-RELEASE, =3.0.3.RELEASE, =1.0.0, =1.1.3, =3.0.10, =1.0.0, =5.0.18, =1.5.0-Beta, =1.5.1-RC - com.wudgaby.platform:health-admin-server =1.0.5 and more Source cves: CVE-2023-38286 Source advisory:...

CVSS 7.5 | AI score 7.1 | EPSS 0.00875
Exploits: 1

vulnersOsv
added 2023/04/20 9:33 p.m. | 6 views

ai.foremast.metrics:foremast-spring-boot-k8s-metrics-starter (>=0.1.2 <=0.2.0), ai.hyacinth.framework:core-service-admin-server (>=0.5.0 <=0.5.24) +5083 more potentially affected by CVE-2023-20873 via org.springframework.boot:spring-boot-actuator-autoconfigure (>=2.0.0.RELEASE <=2.5.14)

org.springframework.boot:spring-boot-actuator-autoconfigure MAVEN version =2.0.0.RELEASE, =0.1.2, =0.5.0, =0.5.21, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.24 and more Source cves: CVE-2023-20873 Source advisory: OSV:GHSA-G5H3-W5...

CVSS 9.8 | AI score 7.2 | EPSS 0.01122
Exploits: 0

OSSF Malicious Packages
added 2022/06/20 8:17 p.m. | 3 views

Malicious code in fxa-admin-server (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware eea90520b4800eeeb089157ac4413f03f7f2624478b5420eb886c87e530c6b47 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits: 0 | References: 1

vulnersOsv
added 2022/03/31 6:30 p.m. | 12 views

ai.hyacinth.framework:core-service-admin-server (>=0.5.0 <=0.5.24), ai.hyacinth.framework:core-service-gateway-server (>=0.5.0 <=0.5.24) +1082 more potentially affected by CVE-2022-22965 via org.springframework.boot:spring-boot-starter-webflux (>=2.0.0.RELEASE <=2.5.11)

org.springframework.boot:spring-boot-starter-webflux MAVEN version =2.0.0.RELEASE, =0.5.0, =0.5.0, =0.5.0, =2.1.0, =2.1.2.RELEASE, =1.3, =0.5.0, =3.1.37, =3.1.13, =3.1.85, =3.1.13, =3.1.13, =3.1.295 - ch.mobi.mobitor:mobitor-doc =3.1.13 - city.smartb.f2:f2-spring-boot-starter-function-http =0.1.0...

CVSS 9.8 | AI score 7.1 | EPSS 0.99677
Exploits: 100

NVD
added 2021/10/26 8:15 p.m. | 28 views

CVE-2019-3556

HHVM supports the use of an "admin" server which accepts administrative requests over HTTP. One of those request handlers, dump-pcre-cache, can be used to output cached regular expressions from the current execution context into a file. The handler takes a parameter which specifies where on the...

CVSS 8.1 | EPSS 0.01731
Exploits: 0 | References: 3

OSV
added 2021/10/26 8:15 p.m. | 21 views

CVE-2019-3556

HHVM supports the use of an "admin" server which accepts administrative requests over HTTP. One of those request handlers, dump-pcre-cache, can be used to output cached regular expressions from the current execution context into a file. The handler takes a parameter which specifies where on the...

CVSS 8.1 | AI score 6.9 | EPSS 0.01731
Exploits: 0 | References: 3

Prion
added 2021/10/26 8:15 p.m. | 17 views

Design/Logic Flaw

HHVM supports the use of an "admin" server which accepts administrative requests over HTTP. One of those request handlers, dump-pcre-cache, can be used to output cached regular expressions from the current execution context into a file. The handler takes a parameter which specifies where on the...

CVSS 5.5 | AI score 8.1 | EPSS 0.01731
Exploits: 0 | References: 3 | Affected Software: 1

UbuntuCve
added 2021/10/26 8:15 p.m. | 47 views

CVE-2019-3556

HHVM supports the use of an "admin" server which accepts administrative requests over HTTP. One of those request handlers, dump-pcre-cache, can be used to output cached regular expressions from the current execution context into a file. The handler takes a parameter which specifies where on the...

CVSS 8.1 | AI score 7.2 | EPSS 0.01731
Exploits: 0 | References: 1

Cvelist
added 2021/10/26 8:05 p.m. | 33 views

CVE-2019-3556

HHVM supports the use of an "admin" server which accepts administrative requests over HTTP. One of those request handlers, dump-pcre-cache, can be used to output cached regular expressions from the current execution context into a file. The handler takes a parameter which specifies where on the...

AI score 8.1 | EPSS 0.01731
Exploits: 0 | References: 3

CVE
added 2021/10/26 8:05 p.m. | 61 views

CVE-2019-3556

The CVE-2019-3556 issue affects HHVM where the admin server’s dump-pcre-cache handler accepts an unvalidated filesystem path parameter, enabling a malicious user to overwrite arbitrary files with the privileges of the HHVM user. This can write to arbitrary locations and is tied to HHVM versions: ...

CVSS 8.1 | AI score 8 | EPSS 0.01731
Exploits: 0 | References: 3 | Affected Software: 1

vulnersOsv
added 2021/06/16 6:03 p.m. | 6 views

ai.tock:bot-test (>=20.9.3 <=21.9.2), ai.tock:bot-test-base (>=20.9.3 <=21.9.2) +1431 more potentially affected by CVE-2021-27568 via net.minidev:json-smart (>=1.0.6.3 <=1.3.1)

net.minidev:json-smart MAVEN version =1.0.6.3, =20.9.3, =20.9.3, =20.9.3, =20.9.3, =20.9.3, =20.9.3, =20.9.3, =20.9.3, =20.9.3, =20.9.3, =20.9.3, =20.9.3, =0.0.13, =1.13.3, =1.15.0 - bio.ferlab:datalake-spark302.12 =0.2.39 and more Source cves: CVE-2021-27568 Source advisory: OSV:GHSA-V528-7HRM-F...

CVSS 5.9 | AI score 6.7 | EPSS 0.02886
Exploits: 1